1. Field of the Invention
The present invention relates generally to computer software and computer network management. More specifically, the present invention relates to server-based management software and software registration in a computer network.
2. Discussion of Related Art
In recent years, computer networks have grown not only in size, such as number of users or geographical coverage, but also in terms of the types of services and protocols a single network can provide and support. Many computer networks allow end-users access to all types of services, such as perusing news services or accessing the Internet, and do not restrict users to one mandatory or required network communication protocol. With the proliferation of services available on some computer networks is the increasing burden on system or network administrators of managing those services. A system administrator now typically has to install and manage software on several servers where each server typically hosts or provides one or more services to network users. Depending on the size of the network and the number of services, the day-to-day management, for example, installing, upgrading, and trouble-shooting, the software behind these services can become a tedious, error-prone, and time-consuming task for a system administrator. This is particularly true with regard to system administrators who are not familiar with the network, the servers, or the configuration of those servers.
In a large-scale computer network that provides many types of services and applications as described above, there are typically several or many server machines accessible by end-users or clients. The fact that there are multiple servers on the network is usually transparent to a typical end-user who is not normally concerned with the physical configuration of the network. A system administrator responsible for managing a computer network normally does so from a server and console, generically described as an administration server, such as a Web server. FIG. 1 is a block diagram of a computer network having multiple servers accessible by end-users and connected to an administration server not configured with the automated management capabilities of the present invention. A computer network 102 has an administrator console shown as client 104 connected to a Web or administrator server 106. Connected to Web server 106 are multiple "service" servers 108. From the perspective of administration server 106, servers 108 are referred to as management clients. Although from an end-user's perspective, they are simply servers, where each server may have a particular function or provide a particular service.
When an update, installation, or any type of maintenance is done on application software residing on one of the servers 108 or a new server is added to network 102, the system administrator must modify software on administration server 106 accordingly. For example, if a new feature is installed on an existing mail server or a new mail server is being added, the administrator must note or remember the location and other information of the new feature or server at the time of the update. The administrator installs a new application on a server 110. This information, including the location of any management modules of the new application, which can be in the form of a Uniform Resource Locator, must then be entered at console 104. Once manually entered at administrator console 104, the information needed to manage the new software or server is reflected on administrator server 106. At this stage the location of any management modules on server 110 are available to the system administrator from administrator console 104. The new mail feature from the example cannot be managed or properly configured by end users until it is "registered" with the administrator server 106. Administration server 106 must know where to find the management modules associated with the new mail feature on management clients 108 before end-users can begin using the software.
This is an inefficient process for the administrator and inconvenient for end-users who have come to expect new applications on their networks to be available for use as soon as possible. This process is also error-prone since the administrator has to perform manual or non-automated tasks such as writing down information on the new feature or server during installation, which must later be entered at a administrator console. This problem is exacerbated if there are dozens of servers, each with many applications (e.g. 30 is not unusual), that have frequent updates, corrections, or new versions that need to be installed in a timely and accurate manner. In this type of setting, managing network services can not only be inefficient, time-consuming, and error-prone, but impractical.
One problem with present Web server based networks typically having multiple service hosts is designing and implementing a user authentication mechanism. A Web server based computer network, or any type of computer network, must have an authentication protocol or mechanism to ensure that a user can perform only those operations or access those files the user is authorized to perform or access. In the case of managing services on the multiple service hosts, there can be more than one system administrator responsible for maintaining the services on those hosts. It is possible that certain administrators are not given complete authorization to perform all possible operations on the Web server and the service hosts, which may only be given to, for example, a senior or "super" system administrator. Thus, since managing services on the hosts is an administration task done through an administration interface, some type of user authentication is necessary.
Although authentication does exist for Web-based networks, present implementations and designs for user authorization are inefficient and repetitive. The authentication referred to here is the verification and authorization of system or network administrators for managing services on service hosts in a network from a browser on an administration console. Typically each service on a service host and its one or more management modules have different authentication mechanisms or standards. There is no clear standard on a protocol or process for implementing authentication and access control in a distributed manner on a Web server based system. A system administrator must re-authenticate every time the administrator signs on to a service host since the service hosts are not in communication with each other. A browser program can be run on a client running any type of operating system, thus, the browser being used by the administrator may not be on a UNIX-based client and may not have a known UNIX identity. Since the browser does not have a known UNIX identity, an identity cannot be communicated from one service host to other service hosts. Thus, a system administrator must go through an authentication process for each service host since the administrator does not have a single or globally recognized identity.
Therefore, it would be desirable to manage end-user application software and services available on a computer network from a central location by having any necessary software for managing those applications and services automatically registered at the central location during installation and accessible from a well-known location. It would also be desirable to have an authentication mechanism that provides for single sign on that functions within the environment of a Web server and that server's existing system of user identity and access control. Further, it would be desirable to achieve this from a central location and by assigning a universal identity to a user managing services from a browser in a Web-server based network.